refactor: 重构权限后台认证
parent
bb9c7979d4
commit
c9121b9003
|
@ -29,6 +29,9 @@ public class UserModularRealmAuthenticator extends ModularRealmAuthenticator {
|
||||||
|
|
||||||
// 默认使用本地验证
|
// 默认使用本地验证
|
||||||
for (Realm realm : realms) {
|
for (Realm realm : realms) {
|
||||||
|
if (realm == null) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
if (realm.getName().contains(loginType)) {
|
if (realm.getName().contains(loginType)) {
|
||||||
typeRealms.add(realm);
|
typeRealms.add(realm);
|
||||||
}
|
}
|
||||||
|
|
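Review bot: The added `realm == null` guard leaves the other input to this loop unchecked: `realm.getName().contains(loginType)` is a substring test, so an empty `loginType` matches every configured realm and a null one throws. `loginType` is assigned outside the hunk, so whether it can be empty or caller-supplied needs confirming; if it can, handle that case before the loop with `if (loginType == null || loginType.isEmpty())` and prefer an exact name comparison over `contains`. Skipping a null realm silently also hides a wiring problem, so a warning log in that branch would help whoever has to debug a missing realm.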
|
@ -0,0 +1,55 @@
|
||||||
|
package io.metersphere.security.realm;
|
||||||
|
|
||||||
|
import io.metersphere.base.domain.UserGroupPermission;
|
||||||
|
import io.metersphere.commons.user.SessionUser;
|
||||||
|
import io.metersphere.commons.utils.SessionUtils;
|
||||||
|
import io.metersphere.dto.GroupResourceDTO;
|
||||||
|
import io.metersphere.dto.UserDTO;
|
||||||
|
import io.metersphere.i18n.Translator;
|
||||||
|
import io.metersphere.service.UserService;
|
||||||
|
import org.apache.shiro.authc.*;
|
||||||
|
import org.apache.shiro.authz.AuthorizationInfo;
|
||||||
|
import org.apache.shiro.realm.AuthorizingRealm;
|
||||||
|
import org.apache.shiro.subject.PrincipalCollection;
|
||||||
|
|
||||||
|
import javax.annotation.Resource;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Objects;
|
||||||
|
import java.util.Set;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
|
public abstract class BaseRealm extends AuthorizingRealm {
|
||||||
|
@Resource
|
||||||
|
private UserService userService;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
|
||||||
|
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
|
||||||
|
|
||||||
|
String userId = token.getUsername();
|
||||||
|
String password = String.valueOf(token.getPassword());
|
||||||
|
UserDTO user = userService.getUserDTO(userId);
|
||||||
|
if (user == null) {
|
||||||
|
throw new UnknownAccountException(Translator.get("user_not_exist"));
|
||||||
|
}
|
||||||
|
SessionUser sessionUser = SessionUser.fromUser(user);
|
||||||
|
SessionUtils.putUser(sessionUser);
|
||||||
|
return new SimpleAuthenticationInfo(userId, password, getName());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isPermitted(PrincipalCollection principals, String permission) {
|
||||||
|
Set<String> permissions = Objects.requireNonNull(SessionUtils.getUser()).getGroupPermissions().stream()
|
||||||
|
.map(GroupResourceDTO::getUserGroupPermissions)
|
||||||
|
.flatMap(List::stream)
|
||||||
|
.map(UserGroupPermission::getPermissionId)
|
||||||
|
.collect(Collectors.toSet());
|
||||||
|
|
||||||
|
return permissions.contains(permission);
|
||||||
|
}
|
||||||
|
}
|
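Review bot: `doGetAuthenticationInfo` in this new base class builds `SimpleAuthenticationInfo(userId, password, getName())` from the password read off the submitted token, so with Shiro's default credentials matcher the token is compared against itself and any password is accepted for an existing user id. It also calls `SessionUtils.putUser(sessionUser)` before the credential comparison has run. Whether LdapRealm and LocalRealm both override this method is not fully visible here; if they do, delete the override from BaseRealm (the method is already abstract in Shiro's `AuthenticatingRealm`) so a later realm cannot inherit it by accident. Separately, `isPermitted` ignores its `principals` argument and `Objects.requireNonNull(SessionUtils.getUser())` throws when there is no session user; failing closed with `if (SessionUtils.getUser() == null) { return false; }` would be safer.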
|
@ -12,7 +12,6 @@ import org.apache.shiro.SecurityUtils;
|
||||||
import org.apache.shiro.authc.*;
|
import org.apache.shiro.authc.*;
|
||||||
import org.apache.shiro.authz.AuthorizationInfo;
|
import org.apache.shiro.authz.AuthorizationInfo;
|
||||||
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
||||||
import org.apache.shiro.realm.AuthorizingRealm;
|
|
||||||
import org.apache.shiro.subject.PrincipalCollection;
|
import org.apache.shiro.subject.PrincipalCollection;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
@ -32,7 +31,7 @@ import java.util.stream.Collectors;
|
||||||
* set realm
|
* set realm
|
||||||
* </p>
|
* </p>
|
||||||
*/
|
*/
|
||||||
public class LdapRealm extends AuthorizingRealm {
|
public class LdapRealm extends BaseRealm {
|
||||||
|
|
||||||
private Logger logger = LoggerFactory.getLogger(LdapRealm.class);
|
private Logger logger = LoggerFactory.getLogger(LdapRealm.class);
|
||||||
@Resource
|
@Resource
|
||||||
|
@ -44,7 +43,7 @@ public class LdapRealm extends AuthorizingRealm {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 权限认证
|
* 角色认证
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
|
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
|
||||||
|
@ -95,8 +94,4 @@ public class LdapRealm extends AuthorizingRealm {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean isPermitted(PrincipalCollection principals, String permission) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,7 +13,6 @@ import org.apache.shiro.SecurityUtils;
|
||||||
import org.apache.shiro.authc.*;
|
import org.apache.shiro.authc.*;
|
||||||
import org.apache.shiro.authz.AuthorizationInfo;
|
import org.apache.shiro.authz.AuthorizationInfo;
|
||||||
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
||||||
import org.apache.shiro.realm.AuthorizingRealm;
|
|
||||||
import org.apache.shiro.subject.PrincipalCollection;
|
import org.apache.shiro.subject.PrincipalCollection;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
@ -34,7 +33,7 @@ import java.util.stream.Collectors;
|
||||||
* set realm
|
* set realm
|
||||||
* </p>
|
* </p>
|
||||||
*/
|
*/
|
||||||
public class LocalRealm extends AuthorizingRealm {
|
public class LocalRealm extends BaseRealm {
|
||||||
|
|
||||||
private Logger logger = LoggerFactory.getLogger(LocalRealm.class);
|
private Logger logger = LoggerFactory.getLogger(LocalRealm.class);
|
||||||
@Resource
|
@Resource
|
||||||
|
@ -49,12 +48,11 @@ public class LocalRealm extends AuthorizingRealm {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 权限认证
|
* 角色认证
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
|
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
|
||||||
String userId = (String) principals.getPrimaryPrincipal();
|
return null;
|
||||||
return getAuthorizationInfo(userId, userService);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static AuthorizationInfo getAuthorizationInfo(String userId, UserService userService) {
|
public static AuthorizationInfo getAuthorizationInfo(String userId, UserService userService) {
|
||||||
|
@ -134,8 +132,4 @@ public class LocalRealm extends AuthorizingRealm {
|
||||||
return new SimpleAuthenticationInfo(userId, password, getName());
|
return new SimpleAuthenticationInfo(userId, password, getName());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean isPermitted(PrincipalCollection principals, String permission) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
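Review bot: `doGetAuthorizationInfo` now returns `null` under a Javadoc that reads "角色认证" (role authentication), so this realm no longer supplies any roles or permission objects to Shiro. Only the `isPermitted(PrincipalCollection, String)` override in BaseRealm consults the session's group permissions; role checks and the other permission overloads go through the authorization info and, as far as I can tell from Shiro's `AuthorizingRealm`, will deny everything, which is worth confirming with a test against any remaining `hasRole` or `@RequiresRoles` use. BaseRealm already returns `null` from the same method, so this override can be deleted, or kept with a comment such as `// Authorization is decided in BaseRealm.isPermitted from the session user's group permissions; no roles are loaded here.` The static `getAuthorizationInfo(userId, userService)` helper stays in the class but is no longer called from this method; its body is outside the hunk, so check whether it still has callers.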
|
@ -1 +1 @@
|
||||||
Subproject commit 79d2eb9f7810b95673f691970e858b05d5d07e9a
|
Subproject commit 77479091f8c7559b2b0300ef9419de50b9e43ce7
|